The Musings Of Jeff Chandler


The WordPress.org team has released an official update to WordPress dubbed 2.3.3. This update fixes a serious security flaw that was discovered within the XML-RPC implementation. Through this flaw, a specially crafted request would allow any valid user to edit the posts of any other user on that blog.

The team also managed to place three bug fixes into the patch which can be viewed here. These types of releases for WordPress.org are serious. No, the world will not end if you do not upgrade. However, you are putting your site at an increased risk of being exploited. As I reported on WeblogToolsCollection.com, malicious users are in fact taking advantage of the flaws found within the WP-Forum plugin. If you are using WP-Forum, you are encouraged to disable the plugin until a security patch has been released.

Visit WordPress.org to see the complete details regarding this release.